Another year, another dose of viruses - here comes Moon-B

By Alun Williams

Posted on 14 Jan 2003 at 12:40

Three virus alerts have been issued regarding Sobig-A, Replog-F and today's speciality, Moon-B.

Sophos, the anti-virus specialists, are warning computer users to be aware of Moon-B, which is a new Visual Basic Script worm. Its effect is to point the home page of your Internet Explorer at a pornographic Web site.

The subject line to be aware of is 'Have a good new year' and the attachment is fotompg.vbs. Sophos reports that the infection will appear in a HTML form. This will try to run an ActiveX script from a Web page that will download and run a copy of the worm stored in your Windows directory.

You can find more info about Moon-B, and how to protect yourself, from the Sophos Web site

While Moon-B is just starting out in the world, the self-propagating Sobig-A is already making its presence felt across the Internet.

The Win32 worm searches files on your hard drive to extract email addresses and then sends out infected emails. Sophos states that when infected the attachment is run, W32/Sobig-A copies itself into the Windows directory as Winmgm32.exe and uses a built-in SMTP engine to spread itself.

The steps necessary to clean up your computer can be found on the Sophos Web site.

To complete the virus picture, Sophos is also warning computer users to be aware of Replog-F. Although this is newly hatched and not very prevalent - so far - more info about this Word 97 macro virus can be found here.